Verbatim Fingerprint Secure Portable Hard Drive #53650 Missing Trust

Discussion in 'News Aggregator' started by Packet Storm, 21 Jun 2022.

  1. Packet Storm

    Packet Storm Guest

    When analyzing the Fingerprint Secure Portable Hard Drive, Matthias Deeg found out that the validation of the firmware for the USB-to-SATA bridge controller INIC-3637EN only consists of a simple CRC-16 check (XMODEM CRC-16). Thus, an attacker is able to store malicious firmware code for the INIC-3637EN with a correct checksum on the used SPI flash memory chip (XT25F01B), which then gets successfully executed by the USB-to-SATA bridge controller.

    Continue reading...
     

Share This Page

Loading...